Distributed database security with discretionary access control

Database Security using Discretionary Access Control

BySumitro Bhaumik – 000911001011Jyotishkar Dey – 000911001036

What is Discretionary Access Control in a database?

A new paradigm of database

security which assigns different

security levels to users and as well

as attributes depending upon some

security policies as per requirement

A Traditional Database

Why do we need it?•Conventional database security does not provide

“granular security”

•You either have access or have no access to a database

•But items in a database are of different types, need

different security

•One “easy” solution; keep items of same security levels

in different tables

Problems

•Conflict with relational dependencies

•Increased complexity in order to preserve both

relational dependencies and security dependencies

Solution!

“Multi-level Security System”Users of a particular security level can only access

elements in a database which correspond to his/her

security level

This way, sensitive data in the same database will be

hidden, while still allowing the public to access the central

database

Working PrincipleThe Bell-LaPadula Model

This model focuses on data confidentiality and

controlled access to classified information. In this

formal model, the entities in an information system are

divided into subjects and objects. The Bell–LaPadula is

built on the concept of a state machine with a set of

allowable “secure states”. The notion of a "secure state"

is defined, and it is proven that each state transition

preserves security by moving from secure state to

secure state. This inductively proves that the system

satisfies the security objectives of the model

The Bell-LaPadula ModelThe Bell–LaPadula model defines a “secure state”

through three multilevel properties

• The Simple Security Property (ss Property)

• The * (star) Security Property

• The Discretionary Security Property

Working Principle

Working Principle

The Simple Security Property

This policy requires a subject of lower security level

cannot read from an object of higher security level, that

is, no “read-up”

Working Principle

The * (Star) Security Property

This policy requires a subject of higher security level

not to write on an object of lower security level, that is,

no “write down”

Working Principle

The Discretionary Security

Property

This policy does not require any hard and fast rule.

A security mapping is created between subjects and

objects which indicates which subject can read and

write into which object.

A sample FSA of the Bell-LaPadula Model

Steps Followed To Design a Secure Database

1. Identification of subjects, objects and permitted

actions (identification process)

1. Identification of the subjects

2. Identification of the objects

2. Assignment of security labels (labeling process)

1. Assignment of security labels to the subjects

2. Assignment of security labels to the objects

Identification of subjects Identification of objects

Labeling of subjects

Labeling of objects

Pros & ConsPros• Gives finer control over the security of the database

• Attributes do not loose their functional dependency

• No need to change original database to implement this

feature; transparent. Hence, very easy to mobilize the

technology

• There needs to be only one global database which

users can use, without any fear of leakage of sensitive

data. No need to create a separate database for

different security levels

Cons• For every query, the security level of every element

needs to be checked with the security level of the user.

Hence, the process is a bit slow

• Care has to be taken for some special conditions which

might arise during “write up” operations

Pros & Cons

Area of Use• Banking• Defense• Office• Public/Private database

Thank You!